Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026031201032525 | Publication Time | 2026/03/12 13:16 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/03/12 13:16 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】Ivanti Endpoint Manager contains a high-risk security vulnerability (CVE-2026-1603). Please verify and apply the necessary patches as soon as possible. |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202603-00000007 Security researchers have discovered that Ivanti Endpoint Manager contains an Authentication Bypass vulnerability (CVE-2026-1603). An unauthenticated remote attacker can exploit this vulnerability to obtain specific authentication credentials. This vulnerability has already been exploited by attackers. Please verify your systems and apply the necessary patches as soon as possible. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] Ivanti Endpoint Manager versions up to and including 2024 SU4 SR1 |
|||
| [Recommended Actions]
The vendor has released a remediation update for the vulnerability. Please refer to the official advisory and perform the update accordingly. The URL is as follows: |
|||
| [Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2026-1603 2. https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US |
|||